and for a whole lot of drift with respect to smartcards being pda/cellphone 

Storm building over RFID-enabled passports

from above:

The chip, which is embedded inside the cover of the passport, contains only a 
duplicate copy of the passport photograph and the printed data. The digital 
data is intended to prevent forgeries by allowing inspectors to compare the 
printed and digital data.

... snip ...

the article mentions that integrity of the electronic data is protected by a 
digital signature (preventing tampering and/or forgeries).

At some level, the digitally signed data can be considered a electronic 
credential that is extremely difficult to counterfeit.

posting with number of references about cloning (electronic) passport data And another cloning tale

from three factor authentication model

* something you have
* something you know
* something you are

... frequently hardware tokens (chips) are implemented as "something you have" 
authentication (i.e. the chip supposedly contains some unique information ... which differentiates 
it from every other chip). some recent posts mentioning "something you have" 
authentication. On-card displays RSA SecurID SID800 Token vulnerable 
by design Fraudwatch - Chip&PIN one-sided story

however, taking the passport chip data as an electronic credential, cloning the 
information doesn't (directly) represent a vulnerability ...  since it is more 
analogous to digital certificates ... which are readily assumed to be widely 

the passport chip data as an electronic credential containing a digital photograph ... and matching 
a person's face to the digital photograph then represents "something you are" 
authentication (as opposed to assuming the chip ...or even a cloned chip ... represents any sort of 
"something you have" authentication).

in theory, an electronic credential would be considered valid, regardless of 
any specific chip container that it might be carried in. one might then make 
the assertion, that a passport electronic
credential could be carried in any device capable of reliably reproducing the 
correct bits.

going back to the issue raised in On-card displays

that most smartcards/chips are really pda/cellphone wanabees ... one might 
suggest that you could then even carry your electronic credential/passport in 
your pda or cellphone ... as opposed to needing a separate physical device.

the issue that then is raised are there any significant privacy considerations 
similar to privacy issues raised with x.509 identity digital certificates from 
the early 90s (having large amounts of privacy information in x.509 identity 
digital certificates widely distributed all over the place).

by the mid-90s, many institutions considered that the privacy and liability problems with 
x.509 identity digital certificates were so significant that they retrenched to 
"relaying-party-only" certificates. lots of past posts mentioning 

these were digital certificates that effectively only contained some sort of 
database index or account number. the relying party then used the account 
number to retrieve the actual information of interest (w/o having to widely 
expose it in any way).

the analogy for an electronic passport infrastructure would be just needing to present 
the passport number. the actual credential data (and any photos or other information 
necessary for "something you are" authentication) is retrieved from secure 
online repository.

as repeatedly pointed out in the "RPO" digital certificate scenario ... it 
isn't even necessary to include the account/passport number in a digitally signed 
document ... since there is no information that needs integrity protection. the person 
just makes an assertion as to their correct account/passport number. the appropriate 
information is then retrieved from the online infrastructure and used for authentication 
(and whatever other required purposes). asserting the
wrong account/passport number presumably retrieves information that fails to 
result in valid authentication.

needing (some certification authority) to digitally sign the passport/account 
number (in the RPO scenario) for any possible integrity purposes, is then 
redundant and superfluous (one of my oft
repeated comments).

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to